1. Technical Field
The present disclosure relates to cryptographic keys and more specifically to generating device-specific cryptographic keys in a rate-limited way.
2. Introduction
Computer users today typically have secrets such as passwords or personal identification numbers (PINs) stored on a computing device for many applications requiring security. This also applies to users of mobile computing devices such as tablets and smart phones. The secret or a derivation thereof can serve as a cryptographic key to protect certain information and/or ensure that only the intended recipient has access to that information. A brute force attack is one approach an attacker can use to try to access sensitive information. A brute force attack is a series of attempts to guess the correct secret (i.e. the password or PIN). Due to the tremendous speed advances and increases in available parallel computing power, brute force attacks become easier, cheaper, and more attainable almost on a daily basis.
An attacker can perform a brute force attack on a cryptographic key by generating all possible combinations of keys and trying each one until the correct key is discovered. For many short and/or simple passwords, this is a trivial attack and can be performed quickly on a computing device of modest ability, to say nothing of a powerful server or bank of servers. As the number of users of computing devices increases, as the amount of personal, sensitive, and/or confidential information stored on those computing devices increases, and as the computing power available to attackers increases, users' secrets become more and more vulnerable to brute force and other attacks.